aee5f898961105ff97a05c7f847b15ae2e29c9270a20f46caf24e525216d6a17[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

aee5f898961105ff97a05c7f847b15ae2e29c9270a20f46caf24e525216d6a17.exe
Size

282KB
MD5

38f3d7cdc3ec83dfd3b8309b569481bc
SHA1

4398b03f857a45af838f0d2b8094a367708c0968
SHA256

aee5f898961105ff97a05c7f847b15ae2e29c9270a20f46caf24e525216d6a17
SHA512

14d6d4c611a910c5e9b83c58f42acdee9dd69356066dabdef7386d5c8dc67ab9e153f2e906097f44324babfbf8c5ea0b7156c0befeecb39eaf639fefa24c0858
SSDEEP

3072:uvgIGSgSWSQ2qobyyBPgKlBkqdX2z6oXo:SgIGSgpSQ2J7PLlBkYXxoY

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aee5f898961105ff97a05c7f847b15ae2e29c9270a20f46caf24e525216d6a17.exe

Files

aee5f898961105ff97a05c7f847b15ae2e29c9270a20f46caf24e525216d6a17.exe
.exe windows:1 windows x86 arch:x86

bd929e3c80fcb583a4f0c6130deb2c49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
CreateThread
LocalFree
CloseHandle
CreateEventW
SetEvent
CreateProcessW
GetVersionExA
GetVersionExW
GetLastError
SetLastError
GetModuleFileNameW
lstrcmpiW
FormatMessageW
GetCommandLineW
CreateFileW
FlushFileBuffers
GetStringTypeW
GetSystemTimeAsFileTime
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
Sleep
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
HeapReAlloc
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
SetErrorMode
VirtualAlloc

user32

MessageBoxA
SetClassLongW
EnumDisplayMonitors
GetClipCursor
GetProcessWindowStation
GetWindowInfo
LoadMenuA
ShowScrollBar
InvalidateRect
MonitorFromPoint
AdjustWindowRectEx
InflateRect
GetUserObjectSecurity
PostThreadMessageW
GetMenuContextHelpId
CreateIconFromResourceEx
GetTopWindow
SetWindowRgn
CreateIcon
UnpackDDElParam
EnumWindowStationsA
SendInput
TrackPopupMenu
MsgWaitForMultipleObjects
LoadIconA
GetOpenClipboardWindow
IsMenu
GetMessagePos
CharNextA

gdi32

UnrealizeObject
TranslateCharsetInfo
SetTextAlign
GetCharWidthInfo
RoundRect
CopyEnhMetaFileA
EngGetCurrentCodePage
SetDIBitsToDevice
EngReleaseSemaphore
GetDIBits
GetBrushOrgEx
ExtCreateRegion
GetPixelFormat
XLATEOBJ_hGetColorTransform
GetEnhMetaFileA
CreateDiscardableBitmap
CreateBitmap
TextOutW
GetViewportOrgEx
SetColorSpace
GetHFONT
CreateRoundRectRgn
PolyPatBlt
FONTOBJ_pQueryGlyphAttrs
EngBitBlt
EnumICMProfilesW
CreateRectRgnIndirect
OffsetRgn
StrokeAndFillPath
SetBitmapBits
GetRandomRgn
CreateColorSpaceW
GetStockObject
AddFontResourceW
GetLayout
RealizePalette

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
SetSecurityDescriptorDacl
StartServiceW
ControlService
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DeleteService
CreateServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
DuplicateIcon
ExtractIconExW
DragFinish
SHGetSettings
Shell_NotifyIconW
ShellExecuteEx
SHGetDesktopFolder
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHGetInstanceExplorer
ShellExecuteW
ExtractIconW
SHGetDataFromIDListA

ole32

OleUninitialize
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

StrCmpNIA
StrCmpNA

comctl32

ImageList_Destroy
InitializeFlatSB

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd929e3c80fcb583a4f0c6130deb2c49

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 180KB - Virtual size: 180KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 180KB - Virtual size: 180KB

.rsrc
Size: 17KB - Virtual size: 16KB